Email phishing is a scheme used by fraudsters who pose as a financial institution, ATM/debit network, credit card company, online retailer, or other service provider to trick unsuspecting individuals into disclosing personal financial information. Typically, a target would receive an unsolicited email that appears to be from an organization asking you to verify personal or financial information. These are organizations that, in some way, may be connected to your checking or savings account, such as your financial institution, utility company, or payment company. To encourage immediate action, the request usually warns that an unauthorized transaction has occurred on your account or that your service may be interrupted or shut down unless you confirm your information.

How can I recognize a phishing email?

To better recognize a phishing email, understand tactics like fake URLs, generic greetings, and urgent language that scammers use to deceive you. These clues help you distinguish fraudulent messages from legitimate ones.

  • For example, the return email address might be 'support@bank-secure.com' instead of the official domain, or URLs may contain random characters like 'http://paypa1.com/verify'. Recognizing these signs helps you spot potential scams.
  • The greeting is generic, doesn't address you by name, or appears incomplete.
  • URLs included in the email feature page links are lengthy, contain random characters, and don't include the correct domain name.
  • The email requests confirmation of personal information such as account number, SSN, etc.
  • Spelling or grammatical errors are present, the image quality is poor, and threatening language is used.
  • An extreme sense of urgency may be communicated.

Below is an example of a phishing email and a few things to look out for.

An example of a phishing email, highlighting the things to look out for.
  1. Sense of urgency: Phishing scams use words that intend to cause fear or motivate you to act fast without thinking it through.
  2. Conflicting domain name: It shows it's from 4Front Credit Union, but the email address itself is not. Note: 4Front email addresses will end in @4frontcu.com.
  3. Sloppy details: Keep an eye out for bad spelling, grammar, and factual errors, like saying they're from 4Front, but then stating another credit union in the body of the content.
  4. Inconsistent URL: Be cautions when clicking on any links. Hover over the linked text to view the URL, but don't click it. Ensure the URL that displays is a legitimate webpage before clicking. When in doubt, don't click.
  5. Branding issues: Fraudsters sometimes include company logos in attempts to look legitimate. Pay attention to how the company graphics are presented. Is the logo fuzzy or does it look stretched? 

Reminder: We'll never email our members to request or verify personal information.

How can I protect myself from phishing schemes?

Phishing emails are becoming more strategic as cybercriminals learn which techniques are most effective. More effectively protect yourself from these scams by employing the following tips:

  • Do not reply to unsolicited emails or pop-up messages asking for personal or financial information.
  • Always verify links before clicking and call the business directly to confirm legitimacy instead of relying solely on email links.
  • When providing personal data online, verify the website's security by checking for 'https' in the URL and a padlock icon. These indicators help ensure the site is legitimate and protect your information.
  • Use anti-virus software, anti-spyware, and a firewall.
  • Review account statements regularly to verify all transactions.
  • Report all phishing attacks immediately, and if necessary, file a complaint using these resources:
    • File a complaint with the Internet Crime Complaint Center (IC3) at www.ic3.gov. The IC3 was established by the FBI and the National White Collar Crime Center (NW3C) to receive Internet-related criminal complaints, conduct further research, and refer cases to federal, state, local, or international law enforcement for investigation.
    • Forward the email in question to the Federal Trade Commission's (FTC) deceptive spam database at spam@uce.gov. The FTC and its law enforcement partners use the database to generate cases against people who use spam to spread false or misleading information about their products or services.
    • If you believe you have been the victim of an internet scam, you may file a complaint with the FTC.
  • Change your debit card PIN periodically.
  • If you believe you have provided personal or financial information in response to a fraudulent request, report the incident to your account provider(s) as soon as possible. Keep a record of the names, account numbers, and customer service numbers for all financial accounts you maintain. Also, report the theft to the three major credit-reporting agencies:
  • Regularly reviewing your credit report can give you peace of mind and confidence in your financial security. You can review your credit score anytime on your online banking or the 4FrontGo app by enrolling in the free service Credit Score powered by SavvyMoney.

If you have any questions regarding member security, give us a call at 800-765-0110.